Lucene search
K

140 matches found

CNNVD
CNNVD
added 2026/02/25 12:0 a.m.10 views

InvenTree 安全漏洞

InvenTree is an open-source inventory management system developed by InvenTree. It provides robust low-level inventory control and parts tracking capabilities. Versions of InvenTree prior to 1.2.3 contained security vulnerabilities, which were caused by insecure server-side templates. These...

8.8CVSS5.9AI score0.00259EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-16786

Malicious code in bioql PyPI...

3.5CVSS6.5AI score0.00281EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-42543

Malicious code in bioql PyPI...

7.3CVSS6.6AI score0.00294EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-34399

Malicious code in bioql PyPI...

8.4CVSS6.5AI score0.00751EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-6715

Malicious code in bioql PyPI...

8.2CVSS6.8AI score0.00601EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-6042

Malicious code in bioql PyPI...

9CVSS9AI score0.01168EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/06/05 9:18 p.m.13 views

CVE-2025-49000

InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in label-sheet plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a...

3.5CVSS6.5AI score0.00281EPSS
Exploits0References1
NVD
NVD
added 2025/06/03 9:15 p.m.17 views

CVE-2025-49000

InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in label-sheet plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a...

5.7CVSS0.00281EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/06/03 8:54 p.m.15 views

CVE-2025-49000 InvenTree has uncontrolled memory allocation via built-in label-sheet plugin

InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in label-sheet plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a...

3.5CVSS0.00281EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/06/03 8:54 p.m.13 views

CVE-2025-49000 InvenTree has uncontrolled memory allocation via built-in label-sheet plugin

InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in label-sheet plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a...

3.5CVSS3.7AI score0.00281EPSS
Exploits0References3
CVE
CVE
added 2025/06/03 8:54 p.m.64 views

CVE-2025-49000

InvenTree (before v0.17.13) has an unbounded skip field in the built-in label-sheet plugin. An authenticated label-printing user can trigger a denial-of-service via memory exhaustion by supplying a large value, as described in CVE-2025-49000. The issue is fixed in v0.17.13 and higher. No workarou...

5.7CVSS6.7AI score0.00281EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/06/03 8:54 p.m.7 views

CVE-2025-49000 InvenTree has uncontrolled memory allocation via built-in label-sheet plugin

InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in label-sheet plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a...

3.5CVSS6.6AI score0.00281EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/06/03 12:0 a.m.6 views

PT-2025-23674

Name of the Vulnerable Software and Affected Versions InvenTree versions prior to 0.17.13 Description The issue affects the built-in label-sheet plugin, where the skip field lacks an upper bound. This allows any authenticated label-printing user to trigger a denial-of-service via memory exhaustio...

5.7CVSS6.5AI score0.00281EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/06/03 12:0 a.m.5 views

InvenTree 安全漏洞

InvenTree is an open source inventory management system from InvenTree Open Source. It provides powerful low-level inventory control and parts tracking. A security vulnerability exists in InvenTree versions prior to 0.17.13, which stems from an uncapped skip field in the built-in label-sheet...

5.7CVSS6.4AI score0.00281EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/06 12:48 a.m.6 views

CVE-2022-3355

Cross-site Scripting XSS - Stored in GitHub repository inventree/inventree prior to 0.8.3...

8.2CVSS5.8AI score0.00601EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:28 p.m.6 views

CVE-2022-2113

Cross-site Scripting XSS - Stored in GitHub repository inventree/inventree prior to 0.7.2...

8.4CVSS5.8AI score0.00751EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:18 p.m.7 views

CVE-2022-2112

Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2...

9CVSS6.6AI score0.01209EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:13 p.m.9 views

CVE-2022-2134

Allocation of Resources Without Limits or Throttling in GitHub repository inventree/inventree prior to 0.8.0...

7.1CVSS6.7AI score0.00807EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 8:22 a.m.15 views

CVE-2024-47610

InvenTree is an Open Source Inventory Management System. In affected versions of InvenTree it is possible for a registered user to store javascript in markdown notes fields, which are then displayed to other logged in users who visit the same page and executed. The vulnerability has been addresse...

7.3CVSS6.3AI score0.00294EPSS
Exploits0References1
NVD
NVD
added 2024/10/07 9:15 p.m.42 views

CVE-2024-47610

InvenTree is an Open Source Inventory Management System. In affected versions of InvenTree it is possible for a registered user to store javascript in markdown notes fields, which are then displayed to other logged in users who visit the same page and executed. The vulnerability has been addresse...

7.3CVSS0.00294EPSS
Exploits0References2
Rows per page
Query Builder